Mobile platforms or connected devices such as smart phones, personal computers, tablet PCs and smart meters are integrating a secure element to authenticate the platform, to protect user credentials or to secure transactions. The secure element is typically a highly tamper resistant device that provides a secure execution environment isolated from the host processor. The secure element may be integrated into various form factors such as, for example, SIM cards, SD cards, or small outline packages attached directly on the printed circuit board (embedded secure element).
The activation of the functionalities of a device or validation of an operation involving the device typically requires authentication of the user by the secure element. Typically, the user enters a PIN directly on a touch screen or a keypad of the device. The entered PIN is communicated to the secure element via the host processor which resides in an open, nonsecure environment. Because user's devices are typically connected to one or more network, the devices can be infected by malware capable of intercepting the user's PIN.
The secure element is integrated into, for example, a mobile handset or PC that is controlled by the host processor. The secure element is typically a slave device that cannot distinguish between a PIN entered by the user or by malware. In both instances, the secure element receives the same command from the host processor. In the typical mobile handset architecture, the PIN is entered either on a physical keypad or on a virtual keypad of a touch screen. The user input is always under the control of the host processor which creates security vulnerabilities. Typical solutions to the vulnerabilities are software solutions, that may or may not be enforced by hardware features that attempt to isolate the PIN entry process, including the keypad and or display drivers, from other processes that run on the host processor. The various techniques of process isolation or virtualization create a secure environment that is typically not tamper resistant and also typically increases the complexity of the required software architecture. One implementation of such a technique is the TEE proposed by GlobalPlatform TEE White Paper, February 2011 and incorporated herein by reference in its entirety which states in part:                The TEE is a separate execution environment that runs alongside the Rich OS and provides security services to that rich environment. The TEE offers an execution space that provides a higher level of security than a Rich OS; though not as secure as a Secure Element (SE), the security offered by the TEE is sufficient for most applications. In this way, the TEE delivers a balance allowing for greater security than a Rich OS environment with considerably lower cost than an SE.        
Prior art connected device architecture 100 (e.g. mobile handset architecture) is shown in FIG. 1. Display 110 and keypad 120 (keypad 120 may be a physical or virtual keypad) are connected to host processor 130 along with Secure Element (SE) 150 and Subscriber Identity Module (SIM) 140. SIM 140 is a secure element that typically contains the international mobile subscriber identity (IMSI) and the related key used to authenticate subscribers on mobile networks. SE 150 and SIM 140 securely store applications such as a mobile wallet application. SE 150 and SIM 140 activation is protected with two passwords: a personal identification number (PIN) for ordinary use and a personal unblocking code (PUK) for PIN unlocking. When the PIN is requested by SE 150 or SIM 140, host processor 130 can inform the user that it is running in secure mode by displaying a security indicator that, for example, was preselected by the user such as mother's maiden name or a selected photo thumbnail. While the security indicator provides a valuable indication to the user, it does not guarantee that the PIN received by SE 150 has been entered by the user.